GHSA-565G-HWWR-4PP3 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ParseMustBeSegmentNzNc function when processing large input containing many commas. An attacker can cause excessive stack consumption and application crash by supplying specially crafted input. Remediation...

UBUNTU-CVE-2023-53782

In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...

CVE-2023-53782 dccp: Fix out of bounds access in DCCP error handler

In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of th...

PT-2025-49642

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue existed in the DCCP error handlers. A previous fix incorrectly assumed the error handlers only accessed the first 8 bytes of the DCCP header. However, they...

Users can modify tags on files that do not belong to them

None...

Stored XSS in contacts app via organisation and title field

None...

CVE-2025-66219

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...

ROS-20251203-13

A vulnerability in the checkout and pull functions of the Git extension for version control of large Git LFS files is related to incorrect definition of symbolic links during file access. Exploitation of the vulnerability could allow an attacker acting remotely to gain write access to arbitrary...

Missing Authorization

Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...

EUVD-2025-199887

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...

curl: Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash

Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, while I did not try to evaluate the actual triggering at that time. No AI was used to find the issue or generate the report. Affected version It was...

Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution

Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990411 advisory. In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum...

CVE-2025-34294

...

CVE-2025-62985

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...

PT-2025-44187

Name of the Vulnerable Software and Affected Versions Wazuh affected versions not specified Description A time-of-check/time-of-use TOCTOU race condition exists in the File Integrity Monitoring FIM component when automatic threat removal is enabled. This can allow a local, low-privileged attacker...

CVE-2025-62985

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...

CVE-2025-62985

CVE-2025-62985 is a stored XSS in the WordPress plugin Simple Pull Quote (versions

CVE-2025-62985 WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...